GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-24 13:48:21
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\0000006a TOSHIBA_ rev.GH10 232,89GB
Running: qqtne367.exe; Driver: C:\Users\Soesje\AppData\Local\Temp\awloifoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C4494BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8C965C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8C449ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8C454FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8C454FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8C455176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8C454F16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8C965FA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8C454F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8C44A11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8C44A2F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8C455130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8C44A93E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8C449508]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8C965CEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8C9643EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8C449556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8C44E534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8C44B3A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8C454FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8C455016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8C45519A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8C454F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8C4550BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8C454F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8C455154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8C965E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8C44B272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8C44AF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8C4495A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8C4495F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8C44A7BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8C4491FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8C4493AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8C449350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8C44AAF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8C44AC54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8C44941A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8C965EFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8C44A636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8C96441C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8C449640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8C965D96]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C97EE56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 822868D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822AB312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 244 822B2B04 4 Bytes [BA, 94, 44, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 26C 822B2B2C 4 Bytes [22, 5C, 96, 8C] {AND BL, [ESI+EDX*4-0x74]}
.text ntkrnlpa.exe!RtlSidHashLookup + 2CC 822B2B8C 4 Bytes [D6, 9E, 44, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 320 822B2BE0 8 Bytes [A8, 4F, 45, 8C, F4, 4F, 45, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 822B2BEC 4 Bytes [76, 51, 45, 8C]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8244D387 5 Bytes JMP 8C97BCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82467095 5 Bytes JMP 8C97D828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 824B1700 4 Bytes CALL 8C44BA8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 824B97A8 4 Bytes CALL 8C44BAA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8251F3F0 7 Bytes JMP 8C97EE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8CC30000, 0x353030, 0xE8000020]
.text kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text user32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes [E9, 88, 3D, 5E, 89] {JMP 0x895e3d8d}
.text user32.dll!UnhookWinEvent 76C1D924 5 Bytes [E9, D3, 2A, 5E, 89] {JMP 0x895e2ad8}
.text user32.dll!SetWindowsHookExW 76C2210A 5 Bytes [E9, F5, E6, 5D, 89] {JMP 0x895de6fa}
.text user32.dll!SetWinEventHook 76C2507E 5 Bytes [E9, 75, B1, 5D, 89] {JMP 0x895db17a}
.text user32.dll!SetWindowsHookExA 76C46DFA 5 Bytes [E9, 01, 98, 5B, 89] {JMP 0x895b9806}
.text sechost.dll!SetServiceObjectSecurity 75F75181 5 Bytes [E9, 8E, BE, 27, 8A] {JMP 0x8a27be93}
.text sechost.dll!ChangeServiceConfigA 75F75254 5 Bytes [E9, AB, B5, 27, 8A] {JMP 0x8a27b5b0}
.text sechost.dll!ChangeServiceConfigW 75F753D5 5 Bytes [E9, 2E, B6, 27, 8A] {JMP 0x8a27b633}
.text sechost.dll!ChangeServiceConfig2A 75F754C2 5 Bytes [E9, 45, B7, 27, 8A] {JMP 0x8a27b74a}
.text sechost.dll!ChangeServiceConfig2W 75F755E2 5 Bytes [E9, 29, B8, 27, 8A] {JMP 0x8a27b82e}
.text sechost.dll!CreateServiceA 75F7567C 5 Bytes [E9, 77, AB, 27, 8A] {JMP 0x8a27ab7c}
.text sechost.dll!CreateServiceW 75F7589F 5 Bytes [E9, 58, AB, 27, 8A] {JMP 0x8a27ab5d}
.text sechost.dll!DeleteService 75F75A22 5 Bytes [E9, D9, AB, 27, 8A] {JMP 0x8a27abde}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[360] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\svchost.exe[372] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\wininit.exe[504] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\csrss.exe[512] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text ...
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[1304] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 001E03FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[1304] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 001E01F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[1304] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[1304] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 00270A08
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[1304] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 002703FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[1304] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 00270804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[1304] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 002701F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[1304] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 00270600
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1320] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1476] kernel32.dll!SetUnhandledExceptionFilter 771B3122 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1476] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1556] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1592] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BEWConfigSrv.exe[1772] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text ...
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3300] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 001E03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3300] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 001E01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3300] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3300] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3300] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 001F03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3300] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 001F0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3300] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 001F01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3300] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 001F0600
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3364] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3452] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3456] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3512] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3520] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3560] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 001F03FC
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3560] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 001F01F8
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3560] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3560] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 00200A08
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3560] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 002003FC
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3560] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 00200804
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3560] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 002001F8
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3560] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 00200600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[3596] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3600] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 000E03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 000E01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] USER32.dll!CharToOemA + 3A 76C1B1DE 7 Bytes JMP 6224D8D4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 000F0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] USER32.dll!AdjustWindowRectEx + 117 76C2660F 7 Bytes JMP 6224D863 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] USER32.dll!GetWindowInfo 76C26A82 5 Bytes JMP 620A2A67 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] USER32.dll!MenuItemFromPoint + F 76C44B36 7 Bytes JMP 620A306A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3656] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 000F0600
.text C:\Windows\system32\taskeng.exe[3780] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3832] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4012] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 001E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 61B6EEB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 16F 771AC0A7 7 Bytes JMP 62179778 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] KERNEL32.dll!CloseHandle + 38 771B05CF 7 Bytes JMP 6217979B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] KERNEL32.dll!GetExitCodeProcess + 2C 771B311D 7 Bytes JMP 61B74CE9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 001F0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] USER32.dll!GetWindowInfo 76C26A82 5 Bytes JMP 620A9464 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] GDI32.dll!GetViewportOrgEx + 21C 775A85EB 7 Bytes JMP 621796F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4064] kernel32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtCreateFile + 6 779E4A36 4 Bytes [28, 48, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtCreateFile + B 779E4A3B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtCreateKey + 6 779E4A76 4 Bytes [68, 49, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtCreateKey + B 779E4A7B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtCreateMutant + 6 779E4AB6 4 Bytes [68, 4A, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtCreateMutant + B 779E4ABB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtCreateSection + 6 779E4B56 4 Bytes [A8, 4A, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtCreateSection + B 779E4B5B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtMapViewOfSection + B 779E509B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenFile + 6 779E5146 4 Bytes [68, 48, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenFile + B 779E514B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenKey + 6 779E5176 4 Bytes [A8, 49, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenKey + B 779E517B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenKeyEx + B 779E518B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenMutant + 6 779E51C6 4 Bytes [28, 4A, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenMutant + B 779E51CB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenProcess + 6 779E51F6 4 Bytes [68, 4B, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenProcess + B 779E51FB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenProcessToken + 6 779E5206 4 Bytes [A8, 4B, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenProcessToken + B 779E520B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenProcessTokenEx + 6 779E5216 4 Bytes [68, 4C, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenProcessTokenEx + B 779E521B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenSection + B 779E523B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenThread + 6 779E5276 4 Bytes [28, 4B, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenThread + B 779E527B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenThreadToken + 6 779E5286 4 Bytes [28, 4C, 07, 00] {SUB [EDI+EAX+0x0], CL}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenThreadToken + B 779E528B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenThreadTokenEx + 6 779E5296 4 Bytes [A8, 4C, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtOpenThreadTokenEx + B 779E529B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtQueryAttributesFile + 6 779E53A6 4 Bytes [A8, 48, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtQueryAttributesFile + B 779E53AB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtQueryFullAttributesFile + B 779E545B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtSetInformationFile + 6 779E5AA6 4 Bytes [28, 49, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtSetInformationFile + B 779E5AAB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtSetInformationThread + B 779E5B0B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtUnmapViewOfSection + 6 779E5E26 4 Bytes [28, 4D, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!NtUnmapViewOfSection + B 779E5E2B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 000D03FC
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 000D01F8
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] KERNEL32.dll!CreateProcessW 7716202D 5 Bytes JMP 00090030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] KERNEL32.dll!CreateProcessA 77162062 5 Bytes JMP 00090070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SelectObject 775A61D0 5 Bytes JMP 000F05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SetTextColor 775A6622 5 Bytes JMP 000F0A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SetBkMode 775A66CD 5 Bytes JMP 000F08F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!DeleteObject 775A68B4 5 Bytes JMP 000F01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!DeleteDC 775A6A2C 5 Bytes JMP 000F0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!ExtSelectClipRgn 775A6C72 5 Bytes JMP 000F02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SelectClipRgn 775A6D84 5 Bytes JMP 000F05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetDeviceCaps 775A6E03 5 Bytes JMP 000F03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SetStretchBltMode 775A73CE 5 Bytes JMP 000F06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetCurrentObject 775A777C 5 Bytes JMP 000F0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetTextMetricsW 775A798F 5 Bytes JMP 000F0E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!IntersectClipRect 775A7CCA 5 Bytes JMP 000F03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetTextAlign 775A7D15 5 Bytes JMP 000F0D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SetTextAlign 775A7F92 5 Bytes JMP 000F09F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!ExtTextOutW 775A8053 5 Bytes JMP 000F0970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetClipBox 775A81F2 5 Bytes JMP 000F0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!MoveToEx 775A8A16 5 Bytes JMP 000F0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!CreateDCA 775A9975 5 Bytes JMP 000F00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!RestoreDC 775A9A10 5 Bytes JMP 000F0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SaveDC 775A9AD2 5 Bytes JMP 000F0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!StretchDIBits 775AAC38 5 Bytes JMP 000F0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetTextFaceW 775AB4CC 5 Bytes JMP 000F0D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetTextExtentPoint32W 775AB535 5 Bytes JMP 000F0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetFontData 775AB8E8 5 Bytes JMP 000F0C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!CreateDCW 775ABD21 5 Bytes JMP 000F00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!CreateICW 775AC660 5 Bytes JMP 000F0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!LineTo 775ACA20 5 Bytes JMP 000F0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SetWorldTransform 775ACB42 5 Bytes JMP 000F06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetTextMetricsA 775ACE46 5 Bytes JMP 000F0DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!Rectangle 775AF5BE 5 Bytes JMP 000F09B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SetICMMode 775AF8D4 5 Bytes JMP 000F0DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!ExtTextOutA 775B0158 5 Bytes JMP 000F0930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetTextExtentPoint32A 775B08BB 5 Bytes JMP 000F0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!Escape 775B0B0D 5 Bytes JMP 000F0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!ExtEscape 775B3472 5 Bytes JMP 000F02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetTextFaceA 775B3E49 5 Bytes JMP 000F0CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SetPolyFillMode 775B6CE1 5 Bytes JMP 000F0B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SetMiterLimit 775B6E54 5 Bytes JMP 000F0B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!ResetDCW 775C031C 5 Bytes JMP 000F0AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!EndPage 775C07CD 5 Bytes JMP 000F0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!GetGlyphOutlineW 775CC292 5 Bytes JMP 000F0CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!CreateScalableFontResourceW 775CE8EF 5 Bytes JMP 000F0BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!AddFontResourceW 775CECEB 5 Bytes JMP 000F0BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!RemoveFontResourceW 775CF1E1 5 Bytes JMP 000F0C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!AbortDoc 775D4D37 5 Bytes JMP 000F0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!EndDoc 775D517E 5 Bytes JMP 000F01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!StartPage 775D5269 5 Bytes JMP 000F0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!StartDocW 775D5BB6 5 Bytes JMP 000F07F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!BeginPath 775D635D 5 Bytes JMP 000F0830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!SelectClipPath 775D63B4 5 Bytes JMP 000F0AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!CloseFigure 775D640F 5 Bytes JMP 000F0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!EndPath 775D6466 5 Bytes JMP 000F0A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!StrokePath 775D6699 5 Bytes JMP 000F07B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!FillPath 775D6726 5 Bytes JMP 000F0870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!PolylineTo 775D6B94 5 Bytes JMP 000F04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!PolyBezierTo 775D6C25 5 Bytes JMP 000F04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] GDI32.dll!PolyDraw 775D6CD7 5 Bytes JMP 000F08B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!ActivateKeyboardLayout 76C1817D 5 Bytes JMP 001004F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!ScreenToClient 76C1C1F2 7 Bytes JMP 00100670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 00280A08
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 002803FC
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!RegisterClipboardFormatA 76C1E6B1 5 Bytes JMP 001002F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!RegisterClipboardFormatW 76C1EDFD 5 Bytes JMP 001002B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 00280804
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 002801F8
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!SetCursor 76C252EA 5 Bytes JMP 00100530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!MonitorFromWindow 76C2590A 7 Bytes JMP 00100630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!PostMessageW 76C26225 5 Bytes JMP 001005F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!IsWindowVisible 76C26939 7 Bytes JMP 001006B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetClientRect 76C274B1 7 Bytes JMP 001005B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!MapWindowPoints 76C27915 5 Bytes JMP 00100570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetParent 76C27AB3 7 Bytes JMP 001006F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!SetClipboardData 76C34979 5 Bytes JMP 00100170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!EmptyClipboard 76C34A28 5 Bytes JMP 00100130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetClipboardData 76C34B47 5 Bytes JMP 00100030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!EnumClipboardFormats 76C34D98 5 Bytes JMP 001001B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetClipboardFormatNameW 76C37EB2 5 Bytes JMP 00100230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!SetClipboardViewer 76C38F4D 5 Bytes JMP 001004B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetClipboardFormatNameA 76C38F61 5 Bytes JMP 00100270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetOpenClipboardWindow 76C3902F 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetOpenClipboardWindow 76C3902F 5 Bytes JMP 001003F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!ChangeClipboardChain 76C43425 5 Bytes JMP 00100430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetTopWindow 76C43A5D 7 Bytes JMP 00100730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!CloseClipboard 76C45BA7 5 Bytes JMP 001000B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!OpenClipboard 76C45BB9 5 Bytes JMP 00100070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!IsClipboardFormatAvailable 76C45C3A 5 Bytes JMP 001000F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetClipboardSequenceNumber 76C45C4E 5 Bytes JMP 00100330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetClipboardOwner 76C45C60 5 Bytes JMP 00100370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!CountClipboardFormats 76C45DC9 5 Bytes JMP 001001F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 00280600
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!SetCursorPos 76C5C1D8 5 Bytes JMP 00100770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetClipboardViewer 76C74B57 5 Bytes JMP 00100470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] USER32.dll!GetPriorityClipboardFormat 76C74C59 5 Bytes JMP 001003B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ole32.dll!OleSetClipboard 7701F2FE 5 Bytes JMP 002A0030
.text
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ole32.dll!OleIsCurrentClipboard 77022489 5 Bytes JMP 002A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] ole32.dll!OleGetClipboard 7704F825 5 Bytes JMP 002A00B0 .text C:\Users\Soesje\Downloads\qqtne367.exe[5448] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 001E03FC .text C:\Users\Soesje\Downloads\qqtne367.exe[5448] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 001E01F8 .text C:\Users\Soesje\Downloads\qqtne367.exe[5448] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62] .text C:\Users\Soesje\Downloads\qqtne367.exe[5448] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 00200A08 .text C:\Users\Soesje\Downloads\qqtne367.exe[5448] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 002003FC .text C:\Users\Soesje\Downloads\qqtne367.exe[5448] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 00200804 .text C:\Users\Soesje\Downloads\qqtne367.exe[5448] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 002001F8 .text C:\Users\Soesje\Downloads\qqtne367.exe[5448] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 00200600 .text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[5864] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 001E03FC .text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[5864] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 001E01F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[5864] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[5864] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[5864] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 001F03FC .text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[5864] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 001F0804 .text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[5864] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 001F01F8 .text C:\Program 
Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[5864] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 001F0600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5908] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 001703FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5908] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 001701F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5908] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5908] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 002F0A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5908] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 002F03FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5908] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 002F0804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5908] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 002F01F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5908] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 002F0600 .text c:\Program Files\Nero\Update\NASvc.exe[5960] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes JMP 001F03FC .text c:\Program Files\Nero\Update\NASvc.exe[5960] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 001F01F8 .text c:\Program Files\Nero\Update\NASvc.exe[5960] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62] .text c:\Program Files\Nero\Update\NASvc.exe[5960] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 00200A08 .text c:\Program Files\Nero\Update\NASvc.exe[5960] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 002003FC .text c:\Program Files\Nero\Update\NASvc.exe[5960] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 00200804 .text c:\Program Files\Nero\Update\NASvc.exe[5960] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 002001F8 .text c:\Program Files\Nero\Update\NASvc.exe[5960] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 00200600 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[6052] ntdll.dll!LdrUnloadDll 779FBF1F 5 Bytes 
JMP 001E03FC .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[6052] ntdll.dll!LdrLoadDll 779FF625 5 Bytes JMP 001E01F8 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[6052] KERNEL32.dll!GetBinaryTypeW + 70 771C7934 1 Byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[6052] USER32.dll!UnhookWindowsHookEx 76C1CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[6052] USER32.dll!UnhookWinEvent 76C1D924 5 Bytes JMP 001F03FC .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[6052] USER32.dll!SetWindowsHookExW 76C2210A 5 Bytes JMP 001F0804 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[6052] USER32.dll!SetWinEventHook 76C2507E 5 Bytes JMP 001F01F8 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[6052] USER32.dll!SetWindowsHookExA 76C46DFA 5 Bytes JMP 001F0600 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71CCF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71CCF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00090090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 001007D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00100790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 001007D0 
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00090090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[4340] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00090090 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointNumber 158 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{215C877E-424C-11E2-B5C0-806E6F6E6963} 1896416448 ---- EOF - GMER 2.1 ----